A cautionary tale

spatmur
DD-WRT Novice


Joined: 19 Aug 2016
Posts: 14
Location: United States of Denial

Posted: Thu Feb 16, 2017 19:22    Post subject: A cautionary tale
Hello everyone, I've got a cautionary tale here, rather than a problem, so
read on if you are at all interested.

If not, TL;DR: Always double check your settings before you hit that "Apply"
button, and listen to your kids if you have them, because they're smart.

Recently, I installed a new internet gateway for my home network, replacing
the R7000 running DD-WRT that has served admirably for the past few years. As
the R7000 is still viable, I have repurposed it as the wireless access point
for our network and have additionally decided to employ a guest network on it
since it is now freed from the job of being a gateway router.

Being as Kong recently released a new firmware (31205), I decided to wipe the
current config and upgrade after I was sure that the new gateway was working
properly. I sat down with the R7000, plugged my laptop in, SSHed to it, and
issued the erase nvram command. After a reboot, we were back to defaults and
I proceeded to upload the new firmware, allowed it to reset itself and reboot,
and then set about configuring it as WAP.

I went through the steps outlined in the Wireless Access Point page on the
wiki, taking care to prevent Firefox from trying to insert saved information
in the setup fields, and eventually came to the point where I hit the "Apply
Settings" button. I was then kicked out of the GUI interface, as my home
net is not on the 192.168.1.0/24 subnet. This was expected behavior, so I
turned off the R7000, moved it to its new home on top of the China Cabinet,
and plugged it into the network. I then watched it come up, all indicator
lights coming on as expected, things looked good. Brought the iPhone out,
let it sign on to the Wireless network, able to access the Internet, Mail
app worked as expected. We were in business.

Feeling confident, I went over to my laptop, brought up the list of available
wireless networks, and noticed that the 5G wasn't showing up. I remembered
that I had to tweak the 5G settings to accommodate my laptop, as the driver
was somewhat cranky under Linux.

I brought up a browser, typed in the R7000's IP address, and... nothing.

Confused, I cleared my browser cache, and tried again, and still nothing.

I then tried to ping it. No response. Moved to a computer connected
physically to the network switch, still nothing. Oddly enough, all wireless
clients connected without issue to the wireless and could see devices on the
network and connect to the internet. Everything was working as it should,
except no web interface or SSH access. Strange. My first thought was that I
didn't clear the nvram properly, or perhaps Firefox had snuck something in on
me and autofilled some value that I missed. I didn't feel like figuring the
cause out as long as the wireless clients had no connection issues. I could
work out what was going on later.

Forward to my getting home from work the next day, I hung out with the kids,
and then set to work getting to the bottom of this. I logged into my new
gateway, and did an "arp -a", but the R7000 didn't show up. I did the same
on my network switch, and still no R7000.

Becoming concerned that I've managed to soft brick the thing somehow, I then
decided to plug directly into the R7000 before turning to more drastic measures.
As I was getting ready to do so, my eldest son walks up and asks if I'm still
having trouble with the R7000. I told him yes, and said it's working properly,
but I can't get to the device itself. He responded with a question, "Oh, well,
could it be on a different network?" I was about to ask him why it would be on
another network when it hit me: What if it is on another network? I ifconfig-ed
my laptop to be on the 192.168.1.0/24 network, pointed Firefox at 192.168.1.1,
and lo and behold, there was the login page.

After I set the R7000's static address to the proper subnet and double-checked
my settings before committing, I tried to work out what happened. I can only
conclude that Firefox must have tried to autofill something, I stopped it, and
it kept the IP on 192.168.1.1 without my noticing it. As it was configured
as a router, and was set to forward packets between interfaces, it was happily
sending packets from its subnet to the actually configured subnet that my home
network exists on. Thus, nothing was truly broken. I thanked my future
network engineer son and called it a night.
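
The pre-"Apply" check this story argues for, as an added example that is not part of the original post: it validates planned static AP settings against the LAN and tests whether a management address is on-link from a given host. The 10.0.10.0/24 LAN and the function names are assumptions made for illustration; 192.168.1.1 is the address from the post.

```python
import ipaddress


def check_ap_settings(lan_cidr, ap_ip, ap_netmask, ap_gateway):
    """Return a list of problems with planned static AP settings (empty = OK)."""
    lan = ipaddress.ip_network(lan_cidr)
    ip = ipaddress.ip_address(ap_ip)
    gw = ipaddress.ip_address(ap_gateway)
    # The subnet the AP will believe it is on, derived from its own IP and mask.
    ap_net = ipaddress.ip_network(f"{ap_ip}/{ap_netmask}", strict=False)
    problems = []
    if ip not in lan:
        problems.append(f"{ip} is outside {lan}: LAN hosts cannot reach the admin UI")
    elif ip in (lan.network_address, lan.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {lan}")
    if ap_net != lan:
        problems.append(f"AP subnet {ap_net} does not match LAN {lan}")
    if gw not in ap_net:
        problems.append(f"gateway {gw} is not on-link for the AP ({ap_net})")
    if ip == gw:
        problems.append(f"{ip} collides with the gateway address")
    return problems


def on_link(host_cidr, target_ip):
    """True if target_ip lies in the subnet of a host interface such as '10.0.10.50/24'."""
    iface = ipaddress.ip_interface(host_cidr)
    return ipaddress.ip_address(target_ip) in iface.network


if __name__ == "__main__":
    LAN = "10.0.10.0/24"   # constructed home LAN, not taken from the post
    GATEWAY = "10.0.10.1"  # constructed gateway address
    # The failure from the post: the AP kept 192.168.1.1.
    for problem in check_ap_settings(LAN, "192.168.1.1", "255.255.255.0", GATEWAY):
        print("PROBLEM:", problem)
    # Why the GUI was unreachable, and why re-addressing the laptop fixed it.
    print(on_link("10.0.10.50/24", "192.168.1.1"))  # laptop on the home LAN
    print(on_link("192.168.1.2/24", "192.168.1.1"))  # laptop moved to the AP's subnet
```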
jwh7
DD-WRT Guru


Joined: 25 Oct 2013
Posts: 901
Location: Indy

Posted: Thu Feb 16, 2017 19:52    Post subject: Re: A cautionary tale
spatmur wrote:
I sat down with the R7000, plugged my laptop in, SSHed to it, and issued the erase nvram command. After a reboot, we were back to defaults and I proceeded to upload the new firmware, allowed it to reset itself and reboot, and then set about configuring it as WAP.
Side note; you should do the 'erase nvram' after the f/w update. Running it only prior could potentially restore deprecated/changed defaults; unless you serial-break CFE and flash before DD defaults its nvram. The most conservative method would be to GUI reset before, then erase nvram after upgrading. I used to GUI reset before upgrading, but haven't in a long time.
_________________
x64 pfSense 2.4.0b|RT-N66U@663 Merlin 380.67b1|32170: WNDR4500v2 & WNDR4000@533 k3, 31825: WRT54GSv6@250 µ
& GLv1.1@250 VoIP
|GLv1.1@250 TM 1.28.7636 VPN|OEM: WGR614v10@400-WNR1000v3 mod, HWREN1v1-HWABN1v1 mod
# NAT/CTF: slow/limited speed on DD # Repeater issues # DD-WRT info: Builds, Types, Changelog[SVN], Peacock, Demo #
spatmur
DD-WRT Novice


Joined: 19 Aug 2016
Posts: 14
Location: United States of Denial

Posted: Thu Feb 16, 2017 19:59    Post subject:
Noted. I seem to recall, now that you've mentioned it, that a second erasure of the nvram was recommended. I will keep that in mind for the future. Thanks!
MDA400
DD-WRT User


Joined: 10 Jan 2015
Posts: 218
Location: Minnesota

Posted: Fri Feb 17, 2017 15:13    Post subject: Re: A cautionary tale
spatmur wrote:

Recently, I installed a new internet gateway for my home network, replacing
the R7000 running DD-WRT that has served admirably for the past few years. As
the R7000 is still viable, I have repurposed it as the wireless access point
for our network and have additionally decided to employ a guest network on it
since it is now freed from the job of being a gateway router.


By "internet gateway", do you mean a combo modem/router or just a newer router?

Just curious as I couldn't see anyone needing to replace a R7000 unless they can't cover their whole premises, need a faster one that can provide more throughput with DD-wrt (with its lack of hardware nat acceleration), or simply bricked it.

If combo modem/router, then I'd get just a modem and reinstate that R7000 because most combo units (whether fiber, cable, dsl, etc.) are poor in terms of functionality due to having design emphasis split between two functions in itself (modulate-demodulate and routing) and limited customization of settings.

If it's something like an AC88u or R8000/R8500 then it would be a more justified upgrade.

_________________
LATEST DD-WRT FW IS LOCATED HERE: ftp://ftp.dd-wrt.com/betas
spatmur
DD-WRT Novice


Joined: 19 Aug 2016
Posts: 14
Location: United States of Denial

Posted: Fri Feb 17, 2017 15:56    Post subject:
Hey MDA400, by internet gateway I am, in fact, referring to a new router that I put together. It's an APU2 from PC Engines with OpenBSD installed, acting as router/firewall/DHCP server. It's far more robust specs wise than the R7000, and I was interested in the opportunity to learn more by working with PF. Really, I didn't need to replace the R7000, it was more of a desire to tweak and reconfigure. Also, I know I can put the R7000 back in place as my main gateway if the APU2 fails or doesn't perform. But five days in and I am quite pleased with how everything is shaping up.
MDA400
DD-WRT User


Joined: 10 Jan 2015
Posts: 218
Location: Minnesota

Posted: Fri Feb 17, 2017 17:04    Post subject:
spatmur wrote:
Hey MDA400, by internet gateway I am, in fact, referring to a new router that I put together. It's an APU2 from PC Engines with OpenBSD installed, acting as router/firewall/DHCP server. It's far more robust specs wise than the R7000, and I was interested in the opportunity to learn more by working with PF. Really, I didn't need to replace the R7000, it was more of a desire to tweak and reconfigure. Also, I know I can put the R7000 back in place as my main gateway if the APU2 fails or doesn't perform. But five days in and I am quite pleased with how everything is shaping up.

Nice, I understand. Just making sure you didn't take any steps backwards ;)

_________________
LATEST DD-WRT FW IS LOCATED HERE: ftp://ftp.dd-wrt.com/betas
spatmur
DD-WRT Novice


Joined: 19 Aug 2016
Posts: 14
Location: United States of Denial

Posted: Fri Feb 17, 2017 17:23    Post subject:
Thanks for looking out! I appreciate it.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 1077
Location: London,UK

Posted: Fri Feb 17, 2017 18:36    Post subject:
well, you can always call it, just set static IP on your PC
in range of the router address and be sure to disconnect WAN
if it's set up as a WAP or Switch/Forwarder mode...

_________________
Atheros
TP-Link WR740Nv4 .......DD-WRT 31791 (AP,NAT,AD Blocking,Firewall)
TP-Link WR1043NDv2 ------DD-WRT 32170 (AP,PPPoE,NAT,AD Blocking,Firewall)
TP-Link WR1043NDv2 ------DD-WRT 32170 (AP,NAT,AD Blocking,Firewall,No Wi-Fi)
Qualcomm/IPQ8065
Netgear R7800 ------------DD-WRT 31900M Kong (AP,NAT,AD Blocking,Firewall,DNSCrypt x2)
Broadcom
Netgear R7000 ---------DD-WRT 32170M Kong (AP,NAT,AD Blocking,Firewall,DNSCrypt)
Others
TP-Link WR1043NDv2.......... Gargoyle OS 1.9.2(AP,NAT,QoS,Quotas)
Netgear ProSAFE-GS105Ev2 ....(LAN Switch)
All times are GMT